Overview
The authentication API uses NextAuth.js for session management and provides endpoints for user registration, email verification, password recovery, and session handling. All authentication endpoints use JWT tokens for session management.
Send verification email
POST /api/auth/verify-email
curl -X POST https://api.solbid.com/api/auth/verify-email \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com"
}'
Sends a 6-digit OTP verification code to the user’s email address. This is used during the signup process to verify email ownership.
Request body
email: User’s email address. Must be a valid email format.
Response
message: Success message indicating the OTP was sent
201 Success
200 User exists
400 Invalid email
{
"message" : "OTP verification email send"
}
The OTP expires after 5 minutes and is stored in the database for verification.
Verify email OTP
GET /api/auth/verify-email
curl "https://api.solbid.com/api/auth/verify-email?email=user@example.com&otp=123456"
Verifies the OTP code sent to the user’s email address.
Query parameters
otp: 6-digit OTP code sent to the email
Response
message: Verification status message
200 Success
401 Invalid OTP
400 Invalid data
{
"message" : "OTP verified successfully"
}
OTP codes are valid for 5 minutes from creation time.
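The OTP rules documented for the two verify-email endpoints (6 digits, 5-minute lifetime, stored server-side), as an added example that is not SolBid's own code: it draws the code from a CSPRNG, stores only a keyed hash, and enforces expiry, single use and an attempt cap. The in-memory Map, the secret parameter, the function names and MAX_ATTEMPTS are assumptions; the page does not state an attempt limit.

```javascript
const { randomInt, createHmac, timingSafeEqual } = require("node:crypto");

const OTP_TTL_MS = 5 * 60 * 1000; // documented lifetime: 5 minutes
const MAX_ATTEMPTS = 5; // assumption: the page states no attempt limit
const otpStore = new Map(); // assumption: stands in for the database table

// Keep only a keyed hash at rest so a database read does not reveal live codes.
function hashOtp(email, otp, secret) {
  return createHmac("sha256", secret).update(`${email}:${otp}`).digest();
}

// Returns the code for the mailer; it must never go into the HTTP response.
function issueOtp(email, secret, now = Date.now()) {
  // randomInt uses the CSPRNG; Math.random() output is predictable.
  const otp = String(randomInt(0, 1000000)).padStart(6, "0");
  const hash = hashOtp(email, otp, secret);
  otpStore.set(email, { hash, expiresAt: now + OTP_TTL_MS, attempts: 0 });
  return otp;
}

// Returns "ok", "invalid", "expired" or "locked".
function verifyOtp(email, otp, secret, now = Date.now()) {
  const rec = otpStore.get(email);
  if (!rec || typeof otp !== "string" || !/^\d{6}$/.test(otp)) return "invalid";
  if (now >= rec.expiresAt) {
    otpStore.delete(email);
    return "expired";
  }
  // 10^6 codes are guessable within 5 minutes unless attempts are capped.
  if (rec.attempts >= MAX_ATTEMPTS) {
    otpStore.delete(email);
    return "locked";
  }
  rec.attempts += 1;
  // Both digests are 32 bytes, so timingSafeEqual cannot throw on length.
  if (!timingSafeEqual(hashOtp(email, otp, secret), rec.hash)) return "invalid";
  otpStore.delete(email); // single use: a verified code cannot be replayed
  return "ok";
}
```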
Authenticate user
POST /api/auth/[...nextauth]
curl -X POST https://api.solbid.com/api/auth/callback/credentials \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"password": "securePassword123"
}'
Authenticates a user using the NextAuth.js credentials provider. Supports both email/password and OAuth providers.
Request body
password: User’s password (minimum 3 characters)
Response
Authenticated user information
URL to user’s profile image
This endpoint is managed by NextAuth.js and supports both GET and POST methods for various authentication flows.
Request password reset
POST /api/auth/forgot-password
curl -X POST https://api.solbid.com/api/auth/forgot-password \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com"
}'
Sends a password reset OTP to the user’s registered email address.
Request body
email: User’s registered email address
Response
200 Success
404 User not found
403 Invalid email
{
"message" : "OTP sent to your email"
}
Reset password
POST /api/auth/reset-password
curl -X POST https://api.solbid.com/api/auth/reset-password \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"password": "newSecurePassword123"
}'
Resets the user’s password after OTP verification.
Request body
password: New password (minimum 3 characters)
Response
200 Success
404 User not found
403 Invalid data
{
"message" : "Password reset successfully"
}
Passwords are hashed with bcrypt using 10 salt rounds (cost factor 10) before storage.